Finding Hidden Attack Surface in Any Web App — Real Pentest Methodology
Most web app recon tutorials skip the methodology — they show you the answer, not the workflow that finds it. This video walks the actual methodology pentesters use to find attack surface that's reachable but not exposed in the UI: forgotten routes, orphaned API endpoints, dev-only features that shipped to production by accident.
The workflow uses four tools — Burp Suite to capture the baseline, LinkFinder to extract endpoints from JavaScript, ffuf to enumerate the API surface server-side, and browser DevTools to extract the client-side SPA route table. We demonstrate on OWASP Juice Shop, but the workflow is portable to any modern web application: Angular, React, Vue, Next.js, anything.
TOOLS USED
- Burp Suite Community: https://portswigger.net/burp/communitydownload
- LinkFinder (Gerben Javado): https://github.com/GerbenJavado/LinkFinder
- ffuf (Joona Hoikkala): https://github.com/ffuf/ffuf
- SecLists wordlists: https://github.com/danielmiessler/SecLists
- OWASP Juice Shop: https://owasp.org/www-project-juice-shop/
- Firefox Developer Tools (built-in)
AUTHORIZATION NOTE
Every technique shown is demonstrated against OWASP Juice Shop, a deliberately vulnerable application designed for security training. Use these techniques only on systems you own or have written authorization to test. Unauthorized access is a violation of the Computer Fraud and Abuse Act (18 U.S.C. § 1030) and equivalent laws worldwide.
#bugbounty #pentesting #infosec #cybersecurity #owasp #ethicalhacking #appsec #websecurity #hacking #redteam #penetrationtesting #bugbountytips #owaspjuiceshop #burpsuite #recon
Video "Finding Hidden Attack Surface in Any Web App — Real Pentest Methodology" from the channel Journey Cybersecurity
Video information
May 23, 2026, 22:00:55
00:14:59